Premium Rate Fraud
By tricking a person to call a telephone number that charges more than expected, a fraudster is able to get some sort of revenue from each call.
These attacks come in various forms, but they all have 2 parts:
1. They have acquired a Premium Rate number that enables them to “revenue share” with the terminating operator.
2. They trick people into calling the number or use a hacked PBX to dial it themselves.
Part one is easy, they can get numbers from most phone companies who offer them to legitimate businesses. These can include pay per call customer support services, sex lines, satellite lines, etc. In the USA these are usually associated with 1-900 numbers. But with the explosion of mobile virtual network operators (MVNO) it is easy for what looks like a regular number to actually charge more for the termination of the phone call than is expected (more on this when I cover arbitrage fraud).
Part two happens when people leave a message or send a text (SMS) message to get you to call a number back. This can be as simple as “Congratulations you have Won a chance to win a new CAR, please call #### to see if YOU ARE A WINNER.” Such a message sent to most voicemails will end with your voicemail system offering you a chance to call them back – at the premium number.
Essentially this causes the attacker to make use of the voicemail system to place calls to a premium number under their control, gaining them revenue for each minute they hold the line.
Please note that premium numbers that can cost more than $2 and up to $18 per min, and you are charged at per min rates. So a 6 second call will charge the full amount. They will go further by adding in a menu system or options that require you to enter your name or phone number as ways to keep you on the system longer.
The best tips here are to be careful in automatically dialing someone back to an unrecognized number and deals that sound too good to be true usually are.